From 269b62f8288cefb9d0447efb368100b208069fe9 Mon Sep 17 00:00:00 2001
From: Jindrich Novy <jnovy@redhat.com>
Date: Nov 28 2012 10:14:27 +0000
Subject: Sanitize of MC_EXT_SELECTED variable when viewing multiple files

- CVE-2012-4463 (rhbz#862814)
- https://www.midnight-commander.org/ticket/2913

---

diff --git a/mc-ext.c_quote_mc_ext_env_vars.diff b/mc-ext.c_quote_mc_ext_env_vars.diff
new file mode 100644
index 0000000..531b30c
--- /dev/null
+++ b/mc-ext.c_quote_mc_ext_env_vars.diff
@@ -0,0 +1,31 @@
+--- ./src/filemanager/ext.c
++++ ./src/filemanager/ext.c
+@@ -155,12 +155,13 @@
+     {
+         const char symbol;
+         const char *name;
++        const char *delim;
+     } export_variables[] = {
+-        {'p', "MC_EXT_BASENAME"},
+-        {'d', "MC_EXT_CURRENTDIR"},
+-        {'s', "MC_EXT_SELECTED"},
+-        {'t', "MC_EXT_ONLYTAGGED"},
+-        {'\0', NULL}
++        {'p', "MC_EXT_BASENAME", ""},
++        {'d', "MC_EXT_CURRENTDIR", ""},
++        {'s', "MC_EXT_SELECTED", "\""},
++        {'t', "MC_EXT_ONLYTAGGED", "\""},
++        {'\0', NULL, 0}
+     };
+     /* *INDENT-ON* */
+ 
+@@ -178,7 +179,8 @@
+         if (text != NULL)
+         {
+             g_string_append_printf (export_vars_string,
+-                                    "%s=%s\nexport %s\n", export_variables[i].name, text,
++                                    "%s=%s%s%s\nexport %s\n", export_variables[i].name,
++                                    export_variables[i].delim, text, export_variables[i].delim,
+                                     export_variables[i].name);
+             g_free (text);
+         }
diff --git a/mc.spec b/mc.spec
index cbb6abc..d7011ea 100644
--- a/mc.spec
+++ b/mc.spec
@@ -1,12 +1,13 @@
 Summary:	User-friendly text console file manager and visual shell
 Name:		mc
 Version:	4.8.6
-Release:	1%{?dist}
+Release:	2%{?dist}
 Epoch:		1
 License:	GPLv3+
 Group:		System Environment/Shells
 Source0:	http://www.midnight-commander.org/downloads/mc-%{version}.tar.xz
 URL:		http://www.midnight-commander.org/
+Patch0:		mc-ext.c_quote_mc_ext_env_vars.diff
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	glib2-devel e2fsprogs-devel slang-devel gpm-devel groff
 BuildRequires:	aspell-devel libssh2-devel >= 1.2.5
@@ -20,6 +21,7 @@ specific files.
 
 %prep
 %setup -q
+%patch0 -p1 -b .CVE-2012-4463
 
 %build
 export CFLAGS="-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $RPM_OPT_FLAGS -Wno-strict-aliasing"
@@ -75,6 +77,11 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{_libexecdir}/mc/ext.d
 
 %changelog
+* Wed Nov 28 2012 Jindrich Novy <jnovy@redhat.com> 4.8.6-2
+- sanitize of MC_EXT_SELECTED variable when viewing
+  multiple files, CVE-2012-4463 (#862814)
+  https://www.midnight-commander.org/ticket/2913
+
 * Thu Sep 20 2012 Jindrich Novy <jnovy@redhat.com> 4.8.6-1
 - update to 4.8.6 (#857512)